From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul Simmons To: development@lists.ipfire.org Subject: Re: [RFC] unbound: Increase timeout value for unknown dns-server Date: Wed, 06 Jan 2021 06:02:41 -0600 Message-ID: <29ea1ac3-a966-23d6-62b1-a6ebdc216716@gmail.com> In-Reply-To: <20210106101742.6561-1-jonatan.schlag@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3493057015433170556==" List-Id: --===============3493057015433170556== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On 1/6/21 4:17 AM, Jonatan Schlag wrote: > When unbound has no information about a DNS-server > a timeout of 376 msec is assumed. This works well in a lot of situations, > but they mention in their documentation that this could be way too low. > They recommend a timeout of 1126 msec for satellite connections > (https://nlnetlabs.nl/documentation/unbound/unbound.conf). > Settings this value to 1126 msec should make the first queries to an > unknown server, more useful. > They do not timeout and so these queries do not need to be sent again. > > On a stable link, this behaviour should not have negative implications. > As the first result of queries arrive the timeout value gets updated, > and the high value of 1126 msec gets set to something useful. > > Signed-off-by: Jonatan Schlag > --- > config/unbound/unbound.conf | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf > index f78aaae8c..02f093015 100644 > --- a/config/unbound/unbound.conf > +++ b/config/unbound/unbound.conf > @@ -62,6 +62,7 @@ server: > > # Timeout behaviour > infra-keep-probing: yes > + unknown-server-time-limit: 1128 > > # Bootstrap root servers > root-hints: "/etc/unbound/root.hints" This sounds promising to me, as I have many DNS lookup timeouts (ISP is HughesNot, er, HughesNet). +1 Paul --===============3493057015433170556==--
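Review bot: the added line under "# Timeout behaviour" sets `unknown-server-time-limit: 1128`, while the commit message gives the value as 1126 msec in all three places it names it. Check the number against the linked unbound.conf documentation and correct whichever side is wrong, so the description and the config agree. The new option also has no explanation in the file. A one-line comment above it would help, noting that this is the wait time assumed for servers unbound has no information about, and that it is raised from the 376 msec stated in the commit message for high-latency links. Otherwise later readers cannot tell why this particular value was chosen.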